[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-talk] Tor Weekly News â June 11th, 2014
========================================================================
Tor Weekly News June 11th, 2014
========================================================================
Welcome to the twenty-third issue of Tor Weekly News in 2014, the weekly
newsletter that covers what is happening in the Tor community.
Tor Browser 3.6.2 is out
------------------------
Version 3.6.2 of the Tor Browser has been released [1], featuring âa fix
to allow the configuration of a local HTTP or SOCKS proxy with all
included Pluggable Transportsâ, as well as important fixes to mitigate
recent OpenSSL vulnerabilities, among other security updates. All users
are advised to upgrade [2] as soon as possible.
[1]: https://blog.torproject.org/blog/tor-browser-362-released
[2]: https://www.torproject.org/download/download-easy.html
The EFF announces its 2014 Tor Challenge
----------------------------------------
As part of the wider âReset the Netâ event [3], the Electronic Frontier
Foundation has launched [4] another in its occasional series of Tor
Challenges. The goal of the campaign is to increase the Tor networkâs
capacity and diversity by encouraging members of the public to run
relays, and directing them to the legal and technical guidance necessary
to do so.
So far, over 600 relays have been started (or had their capacity
increased) as part of the campaign: you can see a running total of
relays and bytes transferred on the campaign page [5]. Once youâve set
up your relay, you can register it on the page (anonymously or credited
to your name); stickers and T-shirts are on offer for those who run
relays of a certain size or for a certain period.
If you run into trouble setting up your relay, you can also find expert
advice and discussion on the tor-relays mailing list [6] or the #tor
channel on irc.oftc.net.
[3]: https://blog.torproject.org/blog/reset-net
[4]: https://blog.torproject.org/blog/tor-challenge-2014
[5]: https://www.eff.org/torchallenge/
[6]: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Tor and the âEarlyCCSâ bug
--------------------------
Following Aprilâs much-loved âHeartbleedâ bug, another OpenSSL
vulnerability was discovered â nicknamed âEarlyCCSâ [7] â that could
have an impact on the security of many internet services, including Tor.
Nick Mathewson explained [8] that although âTor is comparatively
resilient to having one layer of crypto removedâ, it may be affected to
the extent that âan adversary in the position to run a MITM attack on a
Tor client or relay could cause a TLS connection to be negotiated
without real encryption or authentication.â
Tor users and relay operators should make sure to update their OpenSSL
and Tor packages as soon as possible; those using a system tor (rather
than or in addition to the Tor Browser) should ensure that they restart
it once the updates are installed; otherwise they will not take effect.
[7]: http://ccsinjection.lepidum.co.jp/
[8]: https://lists.torproject.org/pipermail/tor-talk/2014-June/033161.html
A new website for the directory archive
---------------------------------------
Karsten Loesing announced [9] the new CollecTor service [10], which
spins off the directory archive section from the Metrics [11] portal.
Whatâs different? Archive tarballs are now provided in a directory
structure rather than a single directory [12], recently published
descriptors can now be accessed much more easily [13], and the
documentation of descriptor formats [14] has been updated.
The now obsolete rsync access to metrics-archive and metrics-recent will
be discontinued on August 4, 2014.
[9]: https://lists.torproject.org/pipermail/tor-dev/2014-June/006942.html
[10]: https://collector.torproject.org/
[11]: https://metrics.torproject.org/
[12]: https://collector.torproject.org/archive/
[13]: https://collector.torproject.org/recent/
[14]: https://collector.torproject.org/formats.html
More monthly status reports for May 2014
----------------------------------------
The wave of regular monthly reports from Tor project members for the
month of May continued, with reports from Karsten Loesing [15], Isis
Lovecruft (who submitted reports for both April [16] and May [17]),
George Kadianakis [18], Nicolas Vigier [19], and Roger Dingledine [20].
Roger also sent the report for SponsorF [21].
[15]: https://lists.torproject.org/pipermail/tor-reports/2014-June/000551.html
[16]: https://lists.torproject.org/pipermail/tor-reports/2014-June/000553.html
[17]: https://lists.torproject.org/pipermail/tor-reports/2014-June/000552.html
[18]: https://lists.torproject.org/pipermail/tor-reports/2014-June/000554.html
[19]: https://lists.torproject.org/pipermail/tor-reports/2014-June/000556.html
[20]: https://lists.torproject.org/pipermail/tor-reports/2014-June/000559.html
[21]: https://lists.torproject.org/pipermail/tor-reports/2014-June/000558.html
Miscellaneous news
------------------
The Tails developers formally announced [22] the upcoming Tails
Hackfest, inviting absolutely âanyone interested in making Tails more
usable and more secureâ to join them in Paris on the 5th and 6th of July
(immediately after the Tor dev meeting) and âlearn about the challenges
faced by Tails, and how you can be part of the solutionâ. Fuller details
of the venue and timetable can be found on the Tails website [23].
[22]: https://tails.boum.org/news/Join_us_at_the_Tails_HackFest_2014/
[23]: https://tails.boum.org/blueprint/HackFest_2014_Paris/
Several of Torâs Google Summer of Code students submitted their regular
progress reports: Juha Nurmi on the ahmia.fi project [24], Israel Leiva
on the GetTor revamp [25], Amogh Pradeep on the Orbot+Orfox
project [26], Quinn Jarrell on the pluggable transport combiner [27],
Marc Juarez on the link-padding pluggable transport development [28],
Noah Rahman on the Stegotorus refactoring work [29], Sreenatha
Bhatlapenumarthi on the Tor Weather rewrite [30], Daniel Martà on the
implementation of consensus diffs [31], and Mikhail Belous on the
multicore tor daemon [32].
[24]: https://lists.torproject.org/pipermail/tor-reports/2014-June/000555.html
[25]: https://lists.torproject.org/pipermail/tor-dev/2014-June/006959.html
[26]: https://lists.torproject.org/pipermail/tor-dev/2014-June/006960.html
[27]: https://lists.torproject.org/pipermail/tor-dev/2014-June/006961.html
[28]: https://lists.torproject.org/pipermail/tor-reports/2014-June/000557.html
[29]: https://lists.torproject.org/pipermail/tor-dev/2014-June/006962.html
[30]: https://lists.torproject.org/pipermail/tor-dev/2014-June/006964.html
[31]: https://lists.torproject.org/pipermail/tor-dev/2014-June/006966.html
[32]: https://lists.torproject.org/pipermail/tor-dev/2014-June/006984.html
Thanks to moparisthebest [33] for running a mirror of the Tor Project
website!
[33]: https://lists.torproject.org/pipermail/tor-mirrors/2014-June/000612.html
Roger Dingledine asked [34] the tor-relays mailing list about the
situation of Mac OS X users who would like to run Tor relays, and what
steps should be taken to make it easier for them to do so ânow that the
Vidalia bundles are deprecated and hard to findâ.
[34]: https://lists.torproject.org/pipermail/tor-relays/2014-June/004642.html
Isis Lovecruft has deployed BridgeDB version 0.2.2 [35] which contains
many fixes and translation updates. The email autoresponder should not
reply with empty emails any more.
[35]: https://gitweb.torproject.org/bridgedb.git/blob_plain/cb8b01bc:/CHANGELOG
Damian Johnson has written up [36] several ideas regarding a possible
rewrite of the ExoneraTor service [37] in Python.
[36]: https://lists.torproject.org/pipermail/tor-dev/2014-June/006970.html
[37]: https://exonerator.torproject.org/
HTTPS is sometimes heavily throttled by censors, making it hard to
download the Tor Browser over an HTTPS link. Israel Leiva is asking for
feedback [38] about making the GetTor email service reply with links to
unencrypted HTTP servers as a work-around.
[38]: https://lists.torproject.org/pipermail/tor-dev/2014-June/006977.html
Tor help desk roundup
---------------------
The help desk has been asked for information on TorCoin, a proposed
cryptocurrency. TorCoin is not affiliated with or endorsed by the Tor
Project. The Tor Project publishes guidelines on the use of its
trademark to try to prevent confusing uses of the Tor name [39].
[39]: https://www.torproject.org/docs/trademark-faq.html.en
Easy development tasks to get involved with
-------------------------------------------
obfsproxy, the traffic obfuscator, opens the âauthcookieâ file for each
new incoming connection. George Kadianakis suggests that it should
instead read the file on startup and keep its content in memory during
operation [40]. obfsproxy is written in Python/Twisted. The change
should be pretty small, but if you like finding the right places that
need changing, feel free to look at the ticket and post your patch
there.
[40]: https://bugs.torproject.org/9822
Upcoming events
---------------
June 11 19:00 UTC | little-t tor development meeting
| #tor-dev, irc.oftc.net
| https://lists.torproject.org/pipermail/tor-dev/2014-May/006888.html
|
June 11 19:00 UTC | Tails contributors meeting
| #tails-dev, irc.oftc.net
| https://mailman.boum.org/pipermail/tails-dev/2014-May/005818.html
|
June 13 15:00 UTC | Tor Browser online meeting
| #tor-dev, irc.oftc.net
| https://lists.torproject.org/pipermail/tbb-dev/2014-April/000049.html
|
June 30 â Aug 4 | Torâs Summer Dev Meeting
| Paris, France
| https://trac.torproject.org/projects/tor/wiki/org/meetings/2014SummerDevMeeting
This issue of Tor Weekly News has been assembled by Lunar, harmony, Matt
Pagan, Karsten Loesing, and Roger Dingledine.
Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page [41], write down your
name and subscribe to the team mailing list [42] if you want to
get involved!
[41]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
[42]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk